Centos is a "free" distribution of Red Hat Enterprise Linux which I enjoy using. Whilst it does not have Debian's apt-get for package management it does have yum, which is not as fast but still works pretty well in most circumstances. Unfortunately today I ran into a problem in a clean install of Centos 5.3 where yum was returning the following error:

Error Message: Metadata file does not match checksum

A quick look around "the Google" turned up the relatively simple solution; at the terminal execute as root:

yum clean all yum makecache yum update

This process will take a little time, but the end result should be a nice, clean yum repository cache, complete with no annoying meta-data errors.

This post explains how to setup a Squid HTTP proxy to transparently authenticate users against a Novell eDirectory. In the Novell eco-system Border Manager is the venerable choice for an internal firewall and proxy but it is showing its age. This guide is based on this Novell Cool Solution. Unlike Border Manager, which requires the CLNTRUST client-side tool, the setup described works without the need for any desktop client software.

How it works

Within a Novell managed network the eDirectory stores authenticated user's I.P. addresses. Squid performs an LDAP search against eDirectory using the incoming I.P. address of the client. If successful the authenticated username is returned and a proxy session established. If the search comes up empty Squid prompts the client to manually enter their credentials for authentication against the eDirectory. If this too fails the proxy request is denied.

eDirectory 8.8 incompatability

This solution currently only works with eDirectory < 8.8 because Novell has slightly changed the format they store network addresses in newer versions. At the time of writing I have not been able to test against eDirectory 8.8 so I cannot determine the required code changes or test results. Hopefully in the near future this situation will change.

Squid's external_acl_type option

Transparent authentication is made possible thanks to Squid's external_acl_type configuration option. This allows external identities and groups to be identified via any external script. Once Squid is installed setting up transparent eDirectory authentication is a two step process:

Ubuntu 6.06LTS is a useful platform for VMWare because it has a small footprint by todays standards and is supported by Canonical until 2011. Unfortunately installing VMWare Server 1.0 can be a little painful given there are no binary kernel modules for Ubuntu in this release.

Fortunately there are some excellent guides for installing VMWare on this platform such as this one from HowtoForge. What follows is an installation script based on the HowtoForge guide that saves the administrator a lot of time and solves a bug along the way.

I use Media Temple for hosting of websites and Subversion repositories. The quality of service they provide is solid (especially considering the price) and the ability to SSH into the server and dig around at the command line is a huge plus. Unfortunately one of the areas they are lacking in is backups.

Media Temple provide a backup service but it is very limited in terms of capacity and granularity. Their backup function also does not provide any Subversion repository dump support which is crucial if you have ever experienced the pain of recovering from a Berkeleydb corruption.

Below is a script I use to backup my web domains, databases and Subversion repositories to compressed tar archives. Once these have been generated they are uploaded to the Amazon S3 storage cloud to create an off-site backup of off-site resources. The ability to backup directly from Media Temple to Amazon is great because it removes the middle-man (me) and maximises bandwidth usage. Pulling a tonne of data from the United States to New Zealand just to send it back again is certainly not an economical use of Internet resources.

Revit'ing It Up

This tutorial is intended to introduce the uninitiated into the world of Revit and Object Modeling. No experience is required in CAD, in fact if you are a new user you could find it easier to understand than a 20-year veteran of traditional CAD systems!

Before we jump into Revit I'll first cover a few fundamental CAD concepts and for the experienced point out how Revit differs from other CAD packages such as the mighty AutoCAD.

The one thing that really annoys me about OSX is its network share tool-set. With Windows you can map a network share to a drive letter, check a box that says 'Reconnect at login' and you are done. In OSX the process of reconnecting to a network share is not nearly as smooth as it should be.

The easy option: using Favourites

The simpliest way of achieving this task is to add the network share as a favourite. To do so go to Finder's menu and select Go -> Connect to Server. In the window enter the type and name of the network share (i.e. cifs://server/share) and press the + button to save it as a favourite. With the favourite saved open your account preferences from the Apple Menu -> System Preferences -> Accounts and go to the Login Items tab. Now open a Finder window and browse to your user directory -> Library -> Favorites and drag the relevant share icon onto the list of login items to have it mounted every time you login.

The problem of lost connections

There is one significant drawback with this technique in that if the connection to the share is lost for some reason (e.g. through sleep mode, server or network failure) OSX will not automatically reconnect to it. This becomes a real pain when trying to use a remote share as your primary iTunes music folder because when iTunes cannot find the share it restores your music directory to its default location. This leads to confusion, missing files and if you are not careful a destroyed music library.

The good news is the automount tool can come to your aid but the bad news is it is not straightforward to setup. Automount is common among the *NIX's (i.e. Linux, BSD, etc.) and works in the background to ensure your network shares are always available after restarts and network failures.

Recently I put a second, faster network card in a server. On booting OpenSuse 10 assigned the new card the name eth2 and the existing, built-in Ethernet device eth0. A number of applications, for example Samba and dnsmasq, typically bind to an Ethernet name rather than a specific IP or MAC address. It is possible to change the individual configuration files for each of these services but this is a little ugly considering my goal was to install the new hardware and disable the existing device, leaving everything else untouched.

A tidier solution is to assign eth0 to the new card and eth1 to the older (unused) device. Figuring out how to do this is a little confusing, there is no Yast option to configure network names and manually editing /etc/sysconfig/network/ifcfg-eth(mac address) provides no help either. Instead you must edit the file /etc/udev/rules.d/30-net_persistent_names.rules and change the device name associated to the relevant network MAC address. In a two card setup the file will look a little like this (each network device entry is on a single line):

Mike Clements has been having some fun with Telecom's T3G mobile broadband service and getting it to work with Linux (namely Suse Linux Enterprise Desktop). He was using the Sierra Aircard 580 and information on how to get it working on Linux can be found on debiana.net.

For those who do not want spend time reading about the basics or learn by trial and error here is a step by step guide from Mike...

This tutorial assumes you are familar with basic Linux and Windows concepts and are comfortable using SuSE Linux 9 (Professional or Enterprize). SuSE 9.2 Professional was used during the production of this guide but for most part the commands, software and general concepts should be applicable on any current version of SuSE (or OpenSUSE). To ease configuration it is very helpful to do most things from another desktop so that you can use really useful utilities like graphical Internet browsers and copy/paste tools.

4. Give the kernel a unique name by editing the .config file created by the kernel config process. Look for the EXTRAVERSION parameter and name it something other than default. If you do not specify a unique kernel name you run the risk of overriding the default kernel and modules (which means no fallback position if things do not work).